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Security units, memory units, data processing units and data encryption methods 



(54) 



(57) A security unit (52) to prevent unauthorized re- 
trieval of data includes an encrypting unit (54) for en- 
crypting data in accordance with commands received 
by the security unit (52). and a common register (53) tor 
storing both intermediate results and final results of the 
data encryption A switching element (60) operatively 



coupled to the register (53) selectively outputs the con- 
tents of the register. The switching element (60) is con- 
trolled to prevent external access to the intermediate re- 
sults of the encryption. The security unit (52) is particu- 
larly useful as part of a memory unit (40) that is attach- 
able to a recording/reproduction device such as a digital 
audio recorder/player. 
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Description 

[0001] The present invention relates generally to se- 
curity units, memory units ; data processing units and da- 
ta encryption methods, and in particular to a security unit 
for use in a memory unit and/or a data processing unit, 
such as to prevent unauthorized retrieval of data stored 
in the memory or dala processing units. 
[0002] In conventional non-volatile memory such as 
EEPROM (Electrically Erasable Programmable ROM), 
two transistors are employed to store one bit of informa- 
tion. As result, the memory area per bit is large, which 
limits the ability to raise the integration of the memory. 
On the other hand, this problem has been eliminated in 
a recently-developed flash memory in which one bit is 
stored using a single transistor according to the "all-bit- 
simultaneous-erase" method. In the not so distant fu- 
ture, it is expected that the flash memories will replace 
conventional record mediums such as magnetic and op- 
tical discs in many applications. 

[0003] Flash memory-based memory cards or "mem- 
ory sticks™" that are attachable to and detachable from 
a card reatling/recordingunit are also known. With the 
advent of this type of memory card digital audio record- 
ing/reproducingunits have been developed which use 
the memory card instead of a conventional disc shaped 
medium such as a CD (Compact Disc) or a mini-disc. 
[0004] An audio recorder that uses a memory card as 
a record medium typically employs a data compressing 
method which allows data to be restored in a relatively 
high quality for recording/reproducing. Encryption tech- 
niques can be implemented to protect the copyright of 
music titles recorded and reproduced with this audio re- 
corder. As an example, the audio recorder can be de- 
signed to determine, via an encryption technique, 
whether a memory card is invalid and thus prohibited 
from being used with the recorder. In other words, a valid 
recorder and a valid memory card in combination allow 
encrypted data to be decrypted. In addition to the cop- 
yright protection, encryption technologies may be used 
to protect the security of other information stored in the 
memory card. 

[0005] Conventional memory cards do not have an 
encrypting function. Thus, when secret data is recorded 
to a memory card, the data is encrypted on the "set" 
side, i.e., in the device ("set") that the card is inserted 
into and which sets up the data for recording. The en- 
crypted data is then transferred to the memory card for 
storage. If a decryption key is also stored in the memory 
card, the data security of the card is compromised. On 
the other hand, when a decryption key is stored in a par- 
ticular set, data originally encrypted by that set and re- 
corded on a memory card cannot be decrypted by sets 
other than that particular set. Thus, the compatibility of 
memory cards cannot be maintained. To solve this prob- 
lem, a system has been proposed in which a set and a 
memory card each have an encrypting function, thus en- 
abling the set and memory card to be mutually authen- 



ticated. The memory card in this case can be considered 
a "smart card" having processing circuitry to carry out 
the data encryption. With this approach, both the secu- 
rity and compatibility of cards can be maintained. 

5 [0006] A security unit having the above authenticating 
and encrypting functions may encrypt according to the 
Data Encryption Standard (DES). The DES is a block 
encrypting system in which text is block-segmented and 
each block segment is encrypted. With DES, input data 

io of 64 bits is encrypted with a key of 64 bits (in reality, a 
key of 56 bits and a parity of 8 bits) and encrypted data 
of 64 bits is output. The DES has four use modes, one 
of which is a Cipher Block Chaining (CBC) mode. The 
CBC mode is a feedback type mode in which text of 64 

15 bits and the preceding encrypted data (of 64 bits) are 
XORed and the result is input to the DES unit. In the 
initial state, since there is no encrypted data, an initial- 
ization vector is used. In addition, as data is being ex- 
changed between the set and the memory card, random 

20 numbers may be generated and added to the data. 
[0007] When a memory card has an internal security 
unit, the set may send a command to the memory card 
and the memory card may respond by sending data 
back which includes an encryptionkey, so as to mutually 

25 authenticate the set and the card. The encrypting circuit 
of the memory card has a register, the content of which 
is forwarded to the set in response to the command is- 
sued by the set. Another register that stores an interme- 
diate calculation result of the encrypting process may 

30 also be required. For example, in the case where there 
is only one encrypting circuit, when an encrypting proc- 
ess is to be performed a number of times, a register is 
provided for storing the intermediate calculation result 
of the encrypting process, This register is prohibited 

35 from being externally accessed. The intermediate cal- 
culation result may be used lo decrypt the encrypted da- 
ta. 

[0008] Accordingly, a memory card with an internal 
security unit may be provided with two types of registers: 

40 an accessible register for storing data to be transferred 
to the set in response to a command requesting the 
same; and a non-accessible register for storing an in- 
termediate calculation result of the encryption process. 
Consequently, with two registers, the circuit scale of the 

45 security unit becomes large. This hampers the ability to 
increase the integration of the security unit structured 
as an IC chip. When the encryption process is to be per- 
formed a number of times, in order to remove a register 
that temporarily stores data, it is necessary to employ a 

so plurality of encryption circuits so as to obtain all final da- 
ta (encrypted data) at about the same litre. Thus, in this 
case, the circuit scale also increases. 
[0009] Accordingly, an aim of at least an embodiment 
of the present invention is to provide a security unit that 

55 allows security to be maintained in a small circuit scale. 
[0010] Another aim is to provide a memory unit that 
includes a security unit with a small circuit scale. 
[001 1 ] Respective aspects of the invention are set out 
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in claims 1, 5, 11, 16, 17 and 18. 

[0012] In an illustrative embodiment o1 the invention, 
a security unit includes an encrypting unit for encrypting 
data in accordance with commands received by the se- 
curity unit and a common register for storing both inter- 5 
mediate results and final results of the data encryption. 
A switching element operatively coupled to the register 
selectively outputs the conlenls of the register. The 
switching element is controlled to prevent external ac- 
cess to the intermediate results of the encryption. The io 
security unit is particularly uselul as part of a memory 
unit that is attachable to a recording/reproduction device 
such as a digital audio recorder/player. 
[0013] Advantageously, since a common register 
functions to store both the intermediate calculation re- 15 
suit and the final result of the encryption process, it is 
not necessary to employ a plurality of registers for these 
functions. In addition, it is not necessary to utilize mul- 
tiple encrypting circuits. Thus, the circuit scale of the se- 
curity unit can be reduced. 20 
[0014] The invention will now be described by way of 
example with reference to the accompanying drawings, 
throughout which like parts are referred to by like refer- 
ences, and in which: 

25 

FIG. 1 depicts the overall structure of a recorder/ 
player and a memory card in accordance with an 
embodiment ol the present invention; 
FIG. 2 depicts the internal structure of a security 
type memory card in accordance with an embodi- 30 
ment of the present invention; 
FIG. 3 depicts the internal structure of a non-secu- 
rity type memory card in accordance with an em- 
bodiment of the present invention; 
FIG. 4 depicts the structure of a file system process- 35 
ing hierarchy of a flash memory according lo an em- 
bodiment of the present invention; 
FIG. 5 illustrates a format of a physical data struc- 
ture of a flash memory; 

FIG. 6 depicts the structure of a boot block of a flash 40 
memory; 

FIG. 7 depicts the structure of boot and attribute in- 
formation of a boot block of a flash memory; 
FIGS. 8A and BB illustrate the relation between con- 
tents and a key; 45 
FIG. 9 is a diagram to which reference will be made 
in explaining an encrypting process in a record op- 
eration; 

FIG. 1 0 is a diagram to which reference will be made 
in explaining an authenticating process; 50 
FIG. 11 is a diagram to which reference will be made 
in explaining an encrypting process in a record op- 
eration; 

FTG. 12 is a diagram to which reference will be 
made in explaining an encrypting process in a re- 55 
producing operation; 

FIG. 1 3 is a diagram to which reference will be made 
in explaining an encrypting process in a reproduc- 



ing operation; 

FIG. 1 4 is a diagram to which reference will be made 
in explaining an operation of an interface disposed 
between the recorder and the memory card; 
FIG. 1 5 is a diagram to which reference will be made 
in explaining an operation of an interface disposed 
between the recorder and the memory card; 
FIG. 16 is a table depicting examples of protocol 
commands that may be used in embodiments of the 
invention; 

FIGS. 17-18 are tables illustrating commands that 

may be used in embodiments of the invention; 

FIG. 19 is a schematic block diagram of a memory 

unit in accordance with the invention; and 

FIG. 20 is a schematic block diagram showing the 

structure of a security block in accordance with the 

invention. 

[0015] FIG. 1 is a block diagram showing the structure 
of a digital audio recorder/player 1 according to a pre- 
ferred embodiment of the present invention. Digital au- 
dio recorder/player 1 records and reproduces a digital 
audio signal using a detachable memory card (or a 
Memory Stick™) 40. Recorder/player 1 may be a part 
of an audio system along with an amplifying unit (not 
shown), speakers (not shown), a CD player (not shown), 
an MD recorder (not shown), a tuner (not shown), and 
so forth. However it should be noted that the present 
invention may be applied to other audio sets. For in- 
stance, recorder/player 1 may be a portable device. The 
present invention may also be applied to a set top box 
that records digital audio data that is circulated via sat- 
ellite data communication, digital broadcast, or the In- 
ternet, etc. Moreover, the present invention may be ap- 
plied to a system that records/reproduces moving pic- 
lure data and still picture data rather than audio data. A 
system according to an embodiment of the present in- 
vention may also record and reproduce additional infor- 
mation, such as picture and text, other than a digital au- 
dio signal. 

[0016] Recorder/player 1 has a Central Processing 
Unit ("CPU") 2, a security block 3, an operation button 
4, and a display device 5. Security block 3, operation 
button 4, and display device 5 are connected to CPU 2 
through a bus 16. Security block 3 includes a Data En- 
cryption Standard ( n DES H ) encrypting circuit Data such 
as a record command, a reproduction command, or the 
like corresponding to a user's opcrationofoperation but- 
ton 4 is supplied to CPU 2 through bus 16. Various in- 
formation, the operation stale of recorder/player 1 , and 
so forth are displayed on display device 5. An audio in- 
terlace 6 is disposed between an external input/output, 
which will be described in lurther detail below, and an 
internal audio encode r/decoder7. 

[0017] As will be described later, memory card 40 is 
an IC chip having a flash memory (non-volatile memory) 
42, a control block 41 , a security block 52 (security block 
52 may include a DES encrypting circuit), a communi- 
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cation interface, a register, and so forth. Memory card 
40 is attachable to recorder/player 1 and detachable 
therefrom. According to an embodiment, recorder/play- 
er 1 is also compatible with a memory card that does 
not have an encrypting function (namely, security block 
52). 

[0018] Audio encoder/decoder 7 encodes digital au- 
dio data in accordance with a highly efficient encoding 
method to be written to memory card 40. In addition, en- 
coder/decoder 7 decodes encoded data read from 
memory card 40. The highly efficient ATRAC3 format 
encoding method, which is a modification of the Adap- 
tive Transform Acoustic Coding ("ATRAC") format used 
for MDs, may be used. 

[0019] In the ATRAC3 format, audio data sampled at 
44. 1 kHz and quantized with 1 6 bits is encoded with high 
efficiency The minimum data unit of audio data for 
processing is a sound unit ("SU"). 1 SU contains data 
of 1024 samples, thus comprising (1024 x 16 hits x 2 
channels) bits, that is compressed to data of several 
hundred bytes. The duration ol 1 SU is approximately 
23 msec. Under this highly efficient encoding method, 
the size of compressed data is approximately 10 times 
smaller than that of the original data. As compared to 
the ATRAC1 format used in MDs, an audio signal com- 
pressed and decompressed according to the ATRAC3 
fonnat is less deteriorated in audio quality. 
[0020] Illustratively, an analog input 8 supplies a re- 
production output signal of an MD, a tuner, or a tape to 
an Analog-to-DigitalfA/D") converter 9. A/D converter 
9 converts the signal from analog input 8 to a digital au- 
dio signal (sampling frequency = 44.1 kHz; the number 
of quantizing bits =16) and supplies the converted dig- 
ital audio signal to audio interface 6. A digital input 10 
supplies a digital output signal of an MD, a CD, a digital 
broadcast signal, or network circulated audio data to au- 
dio interface 6. The digital input signal is transmitted 
through, for example, an optical cable. Audio interface 
6 selects an input digital audio signal from A/D converter 
9 and digital input 10 and supplies the selected input 
digital audio signal to audio encoder/decode r7 
[0021] Audio encoder/decoder7 encodes the input 
digital audio signal and supplies the encoded data to se- 
curity block 3. Security block 3 encrypts the encoded 
data received from audio encoder/decode r7 so as to 
protect copyrights on the contents of said data (in this 
example, a digital audio signal). Security block 3 of re- 
corder/player 1 may have a plurality of master keys and 
a unit unique storage key. In addition, security block 3 
may have a random number generating circuit (not 
shown). When memory card 40 having security block 52 
is attached to recorder/player 1, security block 3 of re- 
corder/player 1 determines whether or not memory card 
40 is valid (namely, authenticates memory card 40). Af- 
ter security block 3 of recorder/player 1 has properly au- 
thenticated memory card 40 security block 3 of record- 
er/player 1 and security block 52 of memory card 40 
share a session key. 



[0022] The encrypted audio data that is output from 
security block 3 is supplied to CPU 2. CPU 2 communi- 
cates with memory card 40 through a bidirectional serial 
interlace 11. In an embodiment, memory card 40 is at- 

5 tached to an attaching/detaching mechanism (not 
shown) of recorder/player 1 . CPU 2 writes the encrypted 
data to flash memory 42 of memory card 40. The en- 
crypted data is serially transmitted between CPU 2 and 
memory card 40. 

10 [0023] CPU 2 reads encrypted audio data from mem- 
ory card 40 through memory interface 11 and supplies 
such data to security block 3. Security block 3 decrypts 
the encrypted audio data. The decrypted audio data is 
supplied to audio encoder/decoder7 which decodes the 

*5 decrypted audio data. An output signal of audio encod- 
er/decoded is supplied to a D/A converter 12 through 
audio interface 6 D/A converter 12 converts the digital 
audio data into an analog audio signal and transmits the 
same through output 1 3. Audio data received from audio 

20 encode r/decoder7 and decrypted data received from 
security block 3 may also be outputted as digital output 
signals through outputs 14 and 15, respectively, through 
interface 6. 

[0024] FIG. 2 is a block diagram showing the internal 

25 structure of memory card 40. Memory card 40 is a one 
chip integrated circuit ("IC") comprising control block 41 , 
security block 52, and flash memory 42. As shown in 
FIG. 2, bidirectional serial interface 11 disposed be- 
tween CPU 2 of recorder/player 1 and memory card 40 

30 is composed of 1 0 lines, which include a clock line SCK 
for transmitting the clock signal that is transmitted along 
with data, a status line SBS for transmitting a status sig- 
nal, a data line DIO for transmitting data, an interrupt 
line INT, two GND lines, two VCC lines, and two re- 

35 served lines. 

[0025] Four major lines of the 10 lines are clock line 
SCK, status line SBS, data line DIO, and interrupt line 
INT. Clock line SCK is used to send a clock signal to 
synchronize data transfer. Status line SBS is used to 

40 send a status signal that represents the status of mem- 
ory card 40. Data line DIO is used to input and output a 
command and encrypted audio data. Interrupt line INT 
is used to send an interrupt request signal from memory 
card 40 issues to CPU 2 of recorder/player 1. When 

45 memory card 40 is attached to recorder/player 1 , an in- 
terrupt signal is generated In another embodiment, the 
interrupt signal is sent through data line DIO in which 
case interrupt line INT is grounded and not used. 
[0026] A serial/parallel and parallel/serial interface 

50 bloc ("S/P and P/S IF block") 43 is an interface of con- 
trol clock 41 coupled to interface 11. S/P and P/S IF 
block 43 converts serial data received from recorder/ 
player 1 into parallel data. It also converts parallel data 
of control block 41 into serial data, and supplies the se- 

55 rial data to recorder/player 1. In addition, S/P and P/S 
IF block 43 separates a command and data received 
through data line DIO into those for accessing flash 
memory 42 andthose for performing an encrypting proc- 
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ess. 

[0027] In other words, with the data line DIO, after a 
command is sent, data is sent. S/P and P/S IF block 43 
determines whether the received command and data 
are for accessing flash memory 42 or tor performing the 
encrypting process by the code of the received com- 
mand. Corresponding to the determined result, a com- 
mand for accessing flash memory 42 is stored to a com- 
mand register 44 and data is stored to a page buffer 45 
and a write register 46. In association with write register 
46, an error correction code encoding circuit 47 is dis- 
posed. Error correction code encoding circuit 47 gener- 
ates a redundant code of an error correction code for 
data temporarily stored in page buffer 45. 
[0028] Output data of command register 44, page 
buffer 45, write register 46, and error correction code 
encoding circuit 47 is supplied to a flash memory inter- 
face and sequencer ("memory IF and sequencer") 51. 
Memory IF and sequencer 51 is an interface coupled to 
flash memory 42 and controls data exchanged between 
flash memory 42 and control block 41 , for example, data 
is written to flash memory 42 through memory IF and 
sequencer 51 . 

[0029] Data read from flash memory 42 is supplied to 
page buffer 45, a read register 48, and an error correct- 
ing circuit 49 through memory IF and sequencer 51 . Er- 
ror correcting circuit 49 corrects an error(s) of data 
stored in page buffer 45. Error corrected data output 
from page buffer 45 and data output from read register 
48 are supplied to S/P and P/S IF block 43 and then 
supplied to CPU 2 of recorder/player 1 through serial 
interface 11 . 

[0030] To protect copyrights on the contents (audio 
data compressed in the ATRAC3 format ("ATRAC 3 da- 
ta")) written to flash memory 42, security block 3 of re- 
corder/player 1 and security block 52 of memory card 
40 cooperate to encrypt the contents. Security block 52 
has a buffer memory 53, a DES encrypting circuit 54. a 
non-volatile memory 55, and so forth. 
[0031] As shown in FIG. 2, a configuration ROM 50 is 
disposed in control block 41 . Configuration ROM 50 
stores version information and various kinds of attribute 
information of memory card 40. Memory card 40 has a 
write protection switch 60 operable by a user. When 
switch 60 is placed in a write protection position, even 
if recorder/player 1 sends an erase command to flash 
memory 42, data stored in flash memory 42 is prohibited 
from being erased. When switch 60 is placed in a non- 
write protection position, data stored in flash memory 42 
is erasable. An oscillator 61 generates a clock signal 
used as a timing reference for processes performed in 
memory card 40. 

[0032] Security block 52 of memory card 40 has a plu- 
rality of authentication keys and a memory card unique 
storage key. Non-volatile memory 55 stores a decryp- 
tion or storage key that cannot be accessed from outside 
of security biock 52. Security block 52 has a random 
number generating circuit. Security block 52 can au- 



thenticate recorder/player 1 (which may form a dedicat- 
ed system that uses a predetermined data format) and 
share a session key therewith. A contents key for en- 
crypting ATRAC3 data is encrypted with the session key 

5 and sent between recorder/player 1 and memory card 
40. As with security block 52 of memory card 40, security 
block 3 of recorder/player 1 has a set unique storage 
key. When contents have been encrypted and are to be 
stored to flash memory 42, a corresponding contents 

to key is encrypted using the storage key and stored with 
the encrypted contents. 

[0033] FIG. 3 shows a memory card 40' that does not 
have an encrypting function. In other words, memory 
card 40' is a non-security type memory card. Unlike 

f£ memory card 40 shown in FIG. 2, memory card 40' does 
not include security block 52. The remaining structure 
of memory card 40' is substantially the same as that of 
memory card 40, In addition, the size and shape of 
memory card 40' may be the same as that of memory 

20 card 40. Since recorder/player 1 shown in FIG. 1 is a 
security type recorder, recorder/player 1 and the mem- 
ory card 40 arc mutually authenticated and a key is com- 
municated therebetween. When memory card 40', 
shown in Fig. 3, is attached to recorder/player 1 , record- 

25 er/player 1 determines that memory card 40' is a non- 
security type memory card and that it cannot be used 
with recorder/player 1 . 

[0034] There are several methods by which recorder/ 
player 1 may determine the type of memory card at- 

30 tached thereto. As one example, when memory card 40' 
is attached to recorder/player 1, a key is sent from re- 
corder/player 1 to memory card 40' so as to authenticate 
it. Since memory card 40' does not send a correct re- 
sponse to recorder/player 1, recorder/player 1 deter- 

35 mines that memory card 40' is not of the security type 
after a time-out period. As another example, when mem- 
ory card 40 or 40' is attached to recorder/player 1 , iden- 
tification information that represents whether or not the 
memory card is of the security type may be recorded in 

40 a predetermined area (boot area) of the memory card. 
Upon reading such identification information, recorder/ 
player 1 can determine the type of memory card at- 
tached thereto. 

[0035] In addition to recorder/player 1 shown in FIG. 

45 1 , a unit that can use non-security type memory card 40' 
is presented according to the present invention. One ex- 
ample is a digital handy movie camera that records a 
picture photographed with a Charge Coupled Device 
("CCD") camera to memory card 40' and reproduces the 

so photographed picture therefrom. As will be described 
later, according to an embodiment of the present inven- 
tion, to enhance the compatibility of memory card 40, it 
is structured so that a non-security device such as a dig- 
ital handy movie camera call record and reproduce data 

55 using memory card 40. In other words, as described 
above, S/P and P/S IP block 43 has a function for sep- 
arating command and data for flash memory 42 and 
those for security block 52. 
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[0036] In accordance with an embodiment, memory 
cards 40 and 40' store data using the File Allocation Ta- 
ble ("FAT") file system of a personal computer as with a 
disc shaped recording medium. Flash memory 42 com- 
prises an Initial Program Load ("IPL") area, a FAT area, 
and a route directory. The IPL area stores the address 
of a program that is initially loaded to a memory of re- 
corder/player 1 . In addition, the IPL area stores various 
kinds of information of flash memory 42. The FAT area 
stores data with respect to memory blocks in flash mem- 
ory 42. In other words, the FAT area stores values that 
represent non-used blocks, the next block number, bad 
blocks, and the last block. The route directory area 
stores a directory entry (file attribute, updated date 
(year, month, and day), start cluster, file size, and so 
forth). 

[0037] In addition to the file management system de- 
fined in the format of memory cards 40 and 40\ file man- 
agement information (a track information management 
file) for a music file may be defined. The track informa- 
tion management file is stored in flash memory 42 using 
a user block of memory cards 40 and 40'. Thus, even if 
the FAT of memory card 40 or 40' is broken, the file can 
be restored. 

[0038] The track information management file is cre- 
ated by CPU 2. When the power of recorder/player 1 is 
turned on, CPU 2 determines whether or not memory 
card 40 or 40' has been attached to recorder/player 1 . 
When memory card 40 or 40' has been attached to re- 
corder/player 1 , CPU 2 reads a boot block of flash mem- 
ory 42. In accordance with the identification information 
of the boot block, CPU 2 determines whether or not the 
attached memory card is a security type memory card. 
[0039] If memory card 40 is attached (i.e., security 
type), CPU 2 performs an authenticating process. Other 
data read from memory card 40 is stored in a memory 
(not shown) managed by CPU2. In flash memory 42 of 
memory card 40 or 40' that has not been used, before 
it is shipped, a FAT and a route direction are written. 
When data is recorded, the track information manage- 
ment file is created. After CPU 2 has authenticated 
memory card 40, recorder/player 1 records or reproduc- 
es an encrypted ATRAC3 data file. 
[0040] When data is recorded, a record command that 
is issued corresponding to the operation of operation 
button 4 is sent to CPU 2. The input audio data is com- 
pressed by encoder/decoder7. The ATRAC 3 data re- 
ceived from encoder/decoder 7 is encrypted by security 
block 3, CPU 2 stores the encrypted ATRAC3 data to 
flash memory 42 of memory card 40. Thereafter, the FAT 
and the track information management file are updated. 
Whenever the file is updated (namely, after audio data 
is recorded), the FAT and the track information manage- 
ment file are rewritten to a memory controlled by CPU 
2. When memory card 40 is detached from recorder/ 
player 1 or the power of recorder/player 1 is turned off, 
the final FAT and the track information management file 
are supplied from the memory to flash memory 42 of 



memory card 40. In this case, whenever audio data has 
been recorded, the FAT and the track information man- 
agement file stored in flash memory 42 may be rewrit- 
ten. When data is edited, the contents of the track inlor- 

5 mation management file are updated. 

[0041] FIG. 4 is a schematic diagram showing the hi- 
erarchy of the file system processes of a computer sys- 
tem that uses memory card 40 or 40' as a storage me- 
dium. As shown therein, the top hierarchical level is an 

io application process layer. The application process layer 
is followed by a file management process layer, a logical 
address management layer, a physical address man- 
agement layer, and a flash memory access layer. The 
file management process layer is the FAT file system. 

is Physical addresses arc assigned to individual blocks of 
flash memory 42 in memory card 40 or 40'. The relation- 
ship between the blocks of flash memory 42 and the 
physical addresses thereof does not vary. Logical ad- 
dresses are addresses that are logically handled on the 

20 file management process layer. 

[0042] FIG. 5 is a schematic diagram showing the 
physical structure of data handled in flash memory 42 
of memory card 40 or 40'. In flash memory 42, a data 
unit (referred to as a segment) is divided into a prede- 

25 termined number of blocks (fixed length) One block is 
divided into a predetermined number of pages (fixed 
length). In flash memory 42, data is erased one block at 
a time. Data is written to flash memory 42 or read there- 
from one page at a time. The size of each block is the 

30 same. Likewise, the size of each page is the same. One 
block is composed of page 0 to page m. One block may 
have a storage capacity of 8 KB (kilobytes) or 1 6 KB and 
one page may have a storage capacity of 51 2 B (bytes). 
When one block has a storage capacity of B KB, the total 

35 storage capacity of flash memory 42 is 4 MB (512 
blocks) or 8 MB (1024 blocks). When one block has a 
storage capacity of 16 KB, the total storage capacity of 
flash memory 42 is 16 MB (1024 blocks), 32 MB (2048 
blocks), or 64 MB (4096 blocks). 

40 [0043] One page is composed of a data portion of 51 2 
bytes and a redundant portion of 1 6 bytes. The first three 
bytes of the redundant portion is an overwrite portion 
that is rewritten whenever data is updated. The first 
three bytes successively contain a block status area, a 

45 page status area, and an update status area The re- 
maining 1 3 bytes of the redundant portion arc fixed data 
that depends on the contents of the data portion. The 
13 bytes contain a management flag area (1 byte), a 
logical address area (2 bytes), a format reserve area (5 

50 bytes), a dispersion information Error-Correcting Code 
( ,, ECC ,, ) area (2 bytes), and a data ECC area (3 bytes). 
The dispersion information ECC area contains redun- 
dant data for an error correction process for the man- 
agement flag area, the logical address area, and the lor- 

55 mat reserve area. The data ECC area contains redun- 
dant data for an error correction process for the data in 
the 512-byte data portion. 

[0044] The management flag area contains a system 
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flag (1 : user block, 0: boot block), a conversion table flag 
(1 : invalid, 0: table block), a copy prohibition flag (1 : copy 
allowed, 0: copy not allowed), and an access permission 
flag (1: free, 0: read protect). 

[0045] The first two blocks - blocks 0 and 1 are boot 
blocks. Block 1 is a backup of block 0. The boot blocks 
are top blocks that arc valid in memory card 40 or 40'. 
When memory card 40 or 40' is attached lo recorder/ 
player 1 , the boot blocks arc accessed first. The remain- 
ing blocks are user blocks. Page 0 of a boot block con- 
tains a header area, a system entry area, and a boot 
and attribute information area. Page 1 of a boot block 
contains a prohibited block data area, Page 2 of a boot 
block contains a CIS (Card Information StructureyiDI 
(Identify Drive Information) area. 

[0046] FIG. 6 shows the format of pages 0,1 , and 2 of 
a boot block A header (368 bytes) of a hoot block stores 
a boot block ID, a format version, and the number of 
valid entries of the boot block. A system entry (48 bytes) 
stores the start position of the prohibited block data, the 
data size thereof, the data type thereof, the data start 
position of CIS/IDI, the data size thereof, and the data 
type thereof. The boot and attribute information contains 
memory card type (read only type, rewritable type, or 
hybrid type), the block size, the number of blocks, the 
number of total blocks, the security/non-securitytype, 
the card fabrication data (date of fabrication), and so 
forth. 

[0047] FIG. 7 shows the structure of the boot & at- 
tribute information (96 bytes) shown in FIG. 6. The boot 
& attribute information may include the class of the 
memory card, the type (read only, read write enable, hy- 
brid of both types, etc.), the block size, the number of 
blocks, the total number of blocks, the security type/non- 
security type, the production data (the date of produc- 
tion: year, month, day), and so forth. Recorder/player 1 
determines whether or not a memory card is of the se- 
curity type using the security type information (one 
byte). In FIG. 7, (*1) represents a data item that record- 
er/player 1 reads and checks when a memory card is 
attached thereto; and (*2) represents production/quality 
management data item. 

[0048] It is appreciated that the insulation film of flash 
memory 42 deteriorates whenever data stored therein 
is rewritten. Thus, the service life of memory card 40 or 
40' is limited by the number of times flash memory 42 is 
rewritten. Accordingly, it is preferable to prevent a par- 
ticular storage area (block) of flash memory 42 from be- 
ing repeatedly accessed. Consequently, when data 
stored at a particular physical address is to be rewritten, 
updated data is not written hack to the same block. In- 
stead, the updated data is written to a block that has not 
been used. Thus, after data is updated, the relationship 
between physical addresses and logical addresses var- 
ies. When such a process (referred to as a swapping 
process) is performed, the same block is prevented from 
being repeatedly accessed. Thus, the service life of 
flash memory 42 can be prolonged. 



[0049] Since a logical address corresponds to data 
written to a block, even if updated data is physically 
moved to another block, the same logical address may 
be maintained in the FAT. The swapping process causes 

s the relationship between logical addresses and physical 
addresses to vary. Thus, a conversion table that con- 
verts logical addresses into physical addresses is 
changed accordingly when such a swapping process is 
performed. By referencing the conversion table, a phys- 

10 ical address corresponding^ a logical address desig- 
nated by the FAT is obtained. Thus, the updated data 
can be properly accessed using the same logical ad- 
dress. 

[0050] The logical address - physical address conver- 
ts sion table is stored in a memory Random Access Mem- 
ory ("RAM") by CPU 2. However, when the storage ca- 
pacity of the RAM is small, the logical address - physical 
address conversion table can be stored in flash memory 
42. This table basical ly correlates logical addresses 
20 (two bytes) arranged in ascending order with physical 
addresses (two bytes). Since the maximum storage ca- 
pacity of flash memory 42 is 1 28 MB (81 92 blocks), with 
two bytes, 8192 addresses can be represented. In ad- 
dition, the logical address - physical address conversion 
25 table is managed segment by segment. The size of the 
logical address - physical address conversion table is 
proportional to the storage capacity of flash memory 42. 
If the storage capacity of flash memory 42 is 6 MB (two 
segments), two pages corresponding to the two seg- 
30 ments are used for the logical address - physical ad- 
dress conversion table. If the logical address - physical 
address conversion table is stored in flash memory 42, 
one bit of the management flag of the redundant portion 
of each page represents whether or not a relevant block 
35 has been stored in the logical address - physical ad- 
dress conversion table. 

[0051] Next, the security protecting function will be 
further described. First of all, with reference to FIGS. 8A 
and 8B, the relation between a key and contents will be 

40 described. Each tune (or song) stored in flash memory 
42 may be referred to as a track. FIG. 8A illustrates one 
track stored in flash memory 42. As shown in FIG. 8 A, 
each track includes a key area (header) 1 01 . A contents 
key CK created for each track (title) of encrypted audio 

45 data is encrypted with a memory card unique storage 
key Kstm and the resultant data is stored to key area 
1 01 . DES is used for an encrypting process for the con- 
tents key CK and the storage key Kstm. DES (Kstm, CK) 
represents that the contents key CK is encrypted with 

50 the storage key Kstm. An encoded value preferably has 
64 bits composed of 56 bits of data and 8 bits of an error 
detection by Cyclical Redundancy Checking ("CRC"). 
[0052] Each track is divided into parts 102. A parts 
key PK is recorded with each part. Illustratively, the track 

55 shown in FIG. 8A comprises only one part 102. Part 102 
is a set of blocks 103 (16 KB each). Each block 103 
stores a block seed BK_SEED and an initial vector I NY 
The part key PK is paired with a contents key CK so as 



BNSDOCID: <EP„_„„ 1043860A2. I_> 



13 



EP 1 043 860 A2 



14 



to create a block key BK for encrypting the contents. In 
other words, BK = DES (CK (+) PK, BK_SEED) (56 bits 
+ 8 bits) (where (+) represents an exclusive-OR). The 
initial vector INV is an initial value for an encrypting/de- 
crypting process for a block. 

[0053] FIG. 8B relates to contents data in recorder/ 
player 1 . A contents key CK for each track of contents 
is decrypted and Ihe resultant data is re-encrypledwilh 
a recorder unique storage key Kstd. The re-encrypted 
data is stored in a key area 111 In other words, the de- 
crypting process is denoted by IDES (Kstm, CK) (56 bits 
+ 8 bits). The re-encrypting process is denoted by DES 
(Kstd, CK) (56 bits + 8 bits). A part key PK for creating 
a block key BK is recorded for each part 112 of the con- 
tents. Each block 113 of a part 112 may store a block 
seed BK-SEED and an initial vector INV. As with the 
memory card, the block key BK is represented as BK = 
DES (CK (+) PK, BK_SEED) (56 bits + 8 bits) 

Write Operation to Memory Card 40 

[0054] An encrypting process which may be utilized 
in a recording (write) operation of recorder/player will 
now be explained with reference to FIG. 9. For simplicity, 
in FIG. 9, similar portions to those in FIG. 1 are denoted 
by similar reference numerals and their description is 
omitted. In addition, interface 11, bus 16, and control 
block 41 , through which data and commands arc trans- 
ferred between the components of recorder/player 1 
and memory card 40, have been omitted from FIG. 9 
and the following process explanation for simplicity. In 
FIG. 9, SeK is a session key shared between recorder/ 
player 1 and memory card 40 after they have been mu- 
tually authenticated. In FIG. 9, reference numeral 10' is 
a CD and a source of a digital audio signal inputted at 
digital input 10. 

[0055] When memory card 40 is attached to recorder/ 
player 1 , recorder/player 1 determines whether or not 
memory card 40 is a security type memory card by use 
of the identification information in the boot area thereof. 
Since memory card 40 is a security type memory card, 
recorder/player 1 and memory card 40 are mutually au- 
thenticated. 

[0056] The process of mutual authentication between 
recorder/player 1 and memory card 40 will be hereinbe- 
low described with reference to FIG 10 
[0057] After a write request signal is sent from record- 
er/player 1 to memory card 40, recorder/player 1 and 
memory card 40 mutually authenticate again, as will be 
described in further detail with reference to FIG. 10. If 
recorder/player 1 and memory card 40 recognise each 
other as legitimate in accordance with the mutual iden- 
tification process, a key writing process, as will be de- 
scribed in further detail with reference to FIG. 11, is per- 
formed. Otherwise, the write operation is terminated. Af- 
ter the key writing process is complete, audio data is 
encrypted and written to memory card 40 through inter- 
face 11 by CPU 2. 



[0058] With reference to FIG. 9, recorder/player 1 
generates a random number for each track of data 
(tune) to be written and creates a corresponding con- 
tents key CK according to each of the random numbers. 

5 Security block 3 of recorder/player 1 encrypts contents 
key CK using session key SeK. Recorder/player 1 out- 
puts the encrypted contents key CK to memory card 40. 
DES encrypling/decryptingcircuit 54 of security block 52 
in memory card 40 decrypts the encrypted contents key 

10 CK, and re-encrypts the decrypted contents key CK us- 
ing a storage key Kstm from memory 55. Memory card 
40 outputs the re-encrypted CK to recorder/player 1 
(CPU 2). Recorder/player 1 (CPU 2) sets the re-encrypt- 
ed contents key CK in the key area 111 (as shown in 

15 FIG. 8B) of each track. Recorder/player 1 generates a 
random number for each part data area 112 (as shown 
in FIG 8B) of each track, and creates a part key PK ac- 
cording to each random number. Each created part key 
PK is set in a corresponding part data area 1 1 2 by CPU 

20 2. 

[0059] A temporary key TMK may be generated by 
performing an XOR of part key PK and contents key CK 
by recorder/player 1 for each part data area 112 as 
shown below in equation (1 ). The creation of temporary 
25 key TMK is not limited to using an XOR function. It is 
possible to use other functional operators, such as a 
simple AND operator. 

3Q TMK = PK XOR CK (1) 

[0060] Recorder/player 1 generates a random 
number for each block 113 of each pan data area 112 
and creates block seed BK_SEED according to each 

35 random number. Further, recorder/player 1 (CPU 2) sets 
the created block seed BK_SEED into its proper position 
in each corresponding block 113. Recorder/player 1 us- 
es the temporary key TMK and the block seed 
BK_SEED in equation (2) to perform a Message Au- 

40 thentication Code ("MAC") operation to create block key 
BK for each block 113. 

BK = MAC (TMK, BK_SEED) (2) 

45 

[0061] It is possible to perform processing other than 
a MAC operation by using a secret key on the input of 
aSHA-1 (secure Hash algorithm), RIPEMD-160, or oth- 
er one-way Hash functions to create block key BK. Here, 
50 the one-way function f defines a function from which it 
is easy to calculate y = f (x) from x, but conversely difficult 
to find x from y. A one-way Hash function is described 
in detail in the "Handbook of Applied Cryptography, CRC 
Press". 

55 [0062] Audio encoder/decoder7 compresses the dig- 
ital audio signal inputted to digital input 10 from CD 10' 
or the digital signal from A/D converter 9, which converts 
an analog audio signal inputted to analog input 8 into a 



8 



vJSDOCID <EP_ ... . .... 1043860A2J > 



15 



EP 1 043 860 A2 



16 



digital signal, in accordance with the ATRAC3 format. 
Then, security block 3 encrypts the compressed audio 
data in the Cipher Block Chaining ("CBC") mode by us- 
ing the block key BK, the CBC mode being a data en- 
cryption mode prescribed in Federal Information 
Processing Standard ("FITS") PUB 81 ("DES MODES 
OF OPERATION"). 

[0063] Recorder/player 1 adds headers to the en- 
crypted audio data and outputs the results to memory 
card 40. Memory card 40 writes the encrypted audio da- 
ta and headers into flash memory 42. At this point, writ- 
ing of audio data from recorder/player 1 to memory card 
40 is complete. 

[0064] FIG. 10 shows an authenticating process per- 
formed between recorder/player 1 (SET) and memory 
card 40 (MEMORY CARD). At step S1 , the random 
number generator of security block 52 in memory card 
40 generates a random number Rm and sends the ran- 
dom number Rm and the serial number ID of memory 
card 40 to recorder/player 1 . 

[0065] At step S2, recorder/player 1 receives Rm and 
ID and generates an authentication key IKj according to 
the relationship IKj = MAC (MKj, ID), where MKj is one 
of the master keys stored in security block 3. Recorder/ 
player 1 generates a random number Rd and creates a 
message authenticator MAC A (Message Authentication 
Code) with the authentication key, namely, MAC(IKj, Rd 
// Rm // ID). Thereafter, recorder/player 1 generates a 
random number Sd and sends Rd // Sd // MAC A // j to 
memory card 40. 

[0066] At step S3, memory card 40 receives the data 
RD // Sd // MAC A //j, finds an authentication key I Kj from 
security block 52 corresponding to j, and calculates a 
MAC B with the authentication key IKj using Rd, Rm, and 
ID. When the calculated MAC B is equal to the received 
MAC A , memory card 40 determines that recorder/player 
1 is valid (i.e., authorized). At step S4, memory card 40 
creates MAC C = MAC(IKj, Rm // Rd) and generates a 
random number Sm. Thereafter, memory card 40 sends 
Sm // MAC C to recorder/player 1 . 

[0067] At step S5, recorder/player 1 receives Sm // 
MAC C from memory card 40. Recorder/player 1 calcu- 
lates MAC D using IKj, Rm, and Rd. When the calculated 
MAC D is equal to the received MAC C , recorder/player 1 
determines that memory card 40 is valid (i.e., author- 
ized). At step S6, recorder/player 1 designates MAC 
(I Kj, Rm // Rd) as the session key SeK. At step S7, mem- 
ory card 40 designates MAC (IKj, Rm // Rd) as the ses- 
sion key SeK. When recorder/player 1 and memory card 
40 are mutually authenticated, the session key SeK is 
shared between them The session key SeK is created 
whenever authentication is successful. 
[0068] FIG. 11 shows a key writing process in the case 
that recorder/player 1 (SET) records audio data to flash 
memory 42 of memory card 40 (MEMORY CARD). At 
step S 11, recorder/player 1 generates a random 
number for each track of contents and creates a con- 
tents key CK. At step S12, recorder/player 1 encrypts 
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the contents key CK with the session key SeK and sends 
encrypted DES (SeK, CK) to memory card 40. 
[0069] At step S1 3, memory card 40 receives the data 
DES (SeK, CKJfrom recorder/player 1 and decrypts the 

5 contents key CK with the session key SeK. The decrypt- 
ing process is denoted by IDES (SeK, DES (SeK, CK)). 
At step S14, memory card 40 re-encrypts the decrypted 
contents key CK with the storage key Kslm from mem- 
ory 55 and sends the re-encrypted contents key DES 

10 (Kstm, CK) to recorder/player 1 . 

[0070] At step S15, recorder/player 1 places the re- 
encrypted contents key CK in the key area 111 for man- 
aging the corresponding part data area 112 and per- 
forms a formatting process so that the re-encrypted con- 

15 tents key CK and the contents are recorded to flash 
memory 42 of memory card 40. To encrypt the contents, 
the contents key CK and the part key PK are exclusive- 
Ored (XOR, or alternatively. AND), as illustrated in Fig 
9 and equation 11 above. The result of the XOR opera- 

20 tion is the temporary key TMK. The temporary key TMK 
is stored only in security block 3. Thus, the temporary 
key TMK is not accessible from outside of security block 
3. At the beginning of each block 1 1 3, a random number 
is generated as a block seed BK_SEED. The random 

25 number is stored in each part data area 112. Recorder/ 
player 1 encrypts the block seed BK_SEED with the 
temporary key TMK to obtain a block key BK. In other 
words, the relation of BK = (CK (+) PK, BK_SEED) is 
obtained. The block key BK is stored only in security 

30 block 3. Thus, the block key BK is not accessible from 
outside of security block 3. 

[0071] At step S1 6, recorder/player 1 encrypts the da- 
ta in each part data area 112 block by block with the 
block key BK and sends the encrypted data and the data 
35 in key area 111 to memory card 40. Memory card 40 
records the encrypted data and the data in key area 1 1 1 
(header data) received from recorder/player 1 to flash 
memory 42 at step S17. 

40 Read Operation from Memory card 40 

[0072] A decrypting process for use in a reproducing 
(read) operation of recorder/player 1 will now be ex- 
plained with reference to FIG. 12. For simplicity, in Fig. 

45 12, similar portions to those in FIG. 1 are denoted by 
similar reference numerals and their description is omit- 
ted. In addition, interface 11 , bus 16, and control block 
41 , through which data and commands are transferred 
between the components of recorder/player 1 and mem- 

50 ory card 40, have been omitted from FIG. 12 and the 
following process explanation for simplicity. 
[0073] A read request signal specifying a desired 
track of data (tune) is sent from recorder/player 1 to 
memory card 40. Recorder/player 1 and memory card 

55 40 perform a mutual authentication operation, as above 
described with reference to FIG. 10. If recorder/player 
1 and memory card 40 recognize each other as legiti- 
mate in accordance with the mutual identification proc- 
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ess a key writing process, as above described with ref- 
erence to Fig. 1 1 , is performed. Otherwise, the read op- 
eration is terminated. After the key writing process is 
complete, encrypted audio data is read from memory 
card 40 to recorder/player 1 by CPU 2. 
[0074] Since mutual identification is carried out be- 
tween memory card 40 and recorder/player 1, the en- 
crypted contents key CK can be decrypted using the 
proper session key SeK only when memory card 40 and 
recorder/player 1 identify each other as legitimate. 
Therefore, illicit utilization of the audio data is easily 
avoided. Data read during the read operation had been 
written by the above-described write operation shown 
in FIG. 9. The setting of the contents key CK and the 
part key PK in each part data area 112, and the block 
seed BK_SEE D in each block 1 1 3 is used for writing da- 
ta to, and thus reading data from, the corresponding part 
data area 102 After step S6 of Fig 10 is completed, 
memory card 40 and recorder/player 1 share session 
key SeK. The reading of audio data from memory card 
40 proceeds as follows. 

[0075] Memory card 40 specifics the data in the part 
data area 102 (FIG. 8A) corresponding to the read re- 
quest signal and outputs the audio data in sound units 
SUs from the blocks 103 (FIG. 8A) in the specified part 
data area 102. Memory card 40 also reads the corre- 
sponding key area 101 (FIG. 8A) of the audio data and 
outputs it to recorder/player 1 . 

[0076] Recorder/player 1 picks-up the encrypted con- 
tents key CK from the data in the key area 101 and out- 
puts it to memory card 40. DES encrypting/decrypting 
circuit 54 of security block 52 in memory card 40 de- 
crypts the encrypted contents key CK using storage key 
Kstm stored in memory 55, and re-encrypts the decrypt- 
ed contents key CK using session key SeK 
[0077] Memory card 40 outputs the re-encrypted con- 
tents key CK to recorder/player 1 . Recorder/player 1 de- 
crypts the re-encrypted contents key CK from memory 
card 40 using session key SeK. Recorder/player 1 then 
obtains the XOR of the decrypted contents key CK and 
the part key PK from data in each part data area 1 02 so 
as to obtain the temporary key TMK in accordance with 
equation (3). 

TMK=PK XOR CK (3) 

[0078] Recorder/player 1 uses the temporary key 
TMK and the block seed BK_SEED in each part data 
area 102 to perform the MAC operation shown in the 
following equation (4) so as to obtain the block key B K. 
The block key BK is found for every block 103 as follows. 

BK = MAC (TMK, BK_SEED) (4) 

[0079] Security block 3 of recorder/player 1 decrypts 
the audio data by using the block key BK. More specif- 



ically, the audio data is decrypted for every block 103 
using the individually found block key BK. Further, de- 
cryption is carried out in the same 16KB blocks 103 as 
used for encryption. Audio encoder/decoder7 expands 

s the decrypted audio data according to the ATRAC3 sys- 
tem and outputs the decoded signal through digital out- 
put 1 4 or D/A converter 1 2 converts the digital audio sig- 
nal into an analog signal and outputs the result through 
analog output 13. Alternatively, the ATRAC3 audio data 

io from security block 3 is outputted through output 15. Au- 
dio encode r/decoder7 expands the audio data in sound 
units SUs. 

[0080] FIG. 13 shows the decrypting process when 
recorder/player 1 reproduces an audio track stored in 

15 flash memory 42 of memory card 40. As with the write 
operation shown in FIGS. 9 to 11 , the session key SeK 
is shared between recorder/player 1 and memory card 
40 after they are mutually authenticated. 
[0081 ] At step S21 , recorder/player 1 (SET) reads da- 

20 ta from memory card 40 (MEMORY CARD) and obtains 
the contents key CK encrypted with the storage key 
Kstm (namely, DES (Kstm, CK)) and encrypted contents 
(part data area(s) 102 of the desired track). Thereafter, 
recorder/player 1 sends the contents key CK encrypted 

2S with the storage key Kstm to memory card 40. 

[0082] At step S22, memory card 40 decrypts the con- 
tents key CK with the storage key Kstm (namely IDES 
(Kstm, DES (Kstm. CK)). At step S23, memory card 40 
encrypts the decrypted contents key with the session 

30 key SeK and sends DES (SeK, CK) to recorder/player 1 . 
[0083] At step S24, recorder/player 1 decrypts the 
contents key with the session key SeK. At step S25, re- 
corder/player 1 creates a block key BK with the decrypt- 
ed contents key CK, a part key PK, and a block seed 

35 BK_SEED. At step S26, recorder/player 1 decrypts 
each encrypted part data area 102 with the block key 
BK block by block. The audio encoder/decode r7 de- 
codes the decrypted audio data. 

[0084] With reference to interface 11 shown in FIG. 2, 
40 FIG. 14 shows a timing chart of data being read from 
memory card 40. In other than state 0 (initial state), a 
clock signal used to synchronize data is sent through 
clock line SCK. When data is sent or received between 
recorder/player 1 and memory card 40, the signal level 
45 of status line SBS is low An initial condition may be re- 
ferred to as state or status 0 (initial state). At timing t31 , 
recorder/player 1 causes the signal level of status line 
SBS to become high (state 1). 

[0085] When the signal level of status line SBS be- 
50 comes high, memory card 40 (S/P and P/S IF block 43) 
determines that state 0 has changed to state 1 . In stale 
1 , recorder/player 1 sends a read command to memory 
card 40 through data line DIO. Thus, memory card 40 
receives the read command. The read command is a 
55 protocol command referred to as a Transfer Protocol 
Command ("TPC"). As will be described later, the pro- 
tocol command designates the contents of the commu- 
nication and the length of data that follows. 
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[0086] At timing t32, after a command lias been trans- 
mitted, the signal level of status line SBS changes from 
high to low. Thus, state 1 changes to state 2. In state 2, 
a process designated by a command received by mem- 
ory card 40 is performed. In reality, data of an address 
designated by the read command is read from flash 
memory 42 to page buffer 45. While the process is being 
performed, a busy signal (high level) is sent to recorder/ 
player 1 through data line DIO. 

[0087] At timing t33, after data has been read from 
flash memory 42 to page buffer 45, the supplying of the 
busy signal is slopped. A ready signal (low level) that 
represents that memory card 40 is ready to send data 
in accordance with the read command is outputted to 
recorder/player 1 . 

[0088] When recorder/player 1 receives the ready sig- 
nal from memory card 40, recorder/player 1 determines 
that memory card 40 is ready for processing the read 
command. At timing t34, recorder/player 1 causes the 
signal level of status line SBS to become high. In other 
words, state 2 changes to state 3. 
[0089] In state 3, memory card 40 outputs data that 
has been read to page buffer 45 in state 2 to recorder/ 
player 1 through data line DIO. At timing t35, after the 
read data has been sent, recorder/player 1 stops send- 
ing the clock signal through clock line SCK. In addition, 
recorder/player 1 causes the signal level of status line 
SBS to change from high to low. Thus, state 3 changes 
to the initial state (state 0). 

[0090] When an interrupt process should be per- 
formed such as due to a state change in memory card 
40 as at timing t36, memory card 40 sends an interrupt 
signal to recorder/player 1 through data line DIO. When 
recorder/player 1 receives the interrupt signal through 
data line DIO from memory card 40 in state 0, recorder/ 
player 1 determines that the signal is an interrupt signal 
and performs a process corresponding to the interrupt 
signal. 

[0091] FIG. 15 is a timing chart of an operation in 
which data is written to flash memory 42 of memory card 
40. In the initial state (state 0). the clock signal is not 
sent through clock line SCK. At timing t41, recorder/ 
player 1 causes the signal level of status line SBS to 
change from low to high. Thus, state 0 changes to state 
1 In state 1 , memory card 40 is ready to receive a com- 
mand. At timing t41 , a write command is sent to memory 
card 40 through data line DIO and memory card 40 re- 
ceives the write command. 

[0092] At timing t42, recorder/player 1 causes the sig- 
nal level of status line SBS to change from high to low. 
Thus, state 1 changes to state 2. In state 2, recorder/ 
player 1 sends write data to memory card 40 through 
data line DIO and memory card 40 stores the received 
write data to page buffer 45. 

[0093] At timing t43, recorder/player 1 causes the sig- 
nal level of status line SBS to change from low to high. 
Thus, state 2 changes to state 3. In state 3, memory 
card 40 writes the write data to flash memory 42, mem- 



ory card 40 sends a busy signal (high level) to recorder/ 
player 1 through data line DIO, and recorder/player 1 
sends a write command to memory card 40. Since the 
current state is state 3, recorder/player 1 determines 
5 that the signal received from memory card 40 is a status 
signal. 

[0094] At timing t44, memory card 40 stops outputting 
the busy signal and sends a ready signal (low level) to 
recorder/player 1 . When recorder/player 1 receives the 

10 ready signal, recorder/player 1 determines that the writ- 
ing process corresponding to the write command has 
been completed and slops sending the clock signal. Ad- 
ditionally at timing t45, recorder/player 1 causes the sig- 
nal level of status line SBS to change from high to low. 

is Thus, state 3 returns to state 0 (initial state). 

[0095] When recorder/player 1 receives a high level 
signal from memory card 40 through data line DIO in 
state 0, recorder/player 1 determines that the received 
signal is an interrupt signal. Recorder/player 1 performs 

20 a process corresponding to the received interrupt signal. 
When memory card 40 is to be detached from recorder/ 
player 1 , memory card 40 generates the interrupt signal. 
[0096] In other than the reading process and the writ- 
ing process, in slate 1, a command is sent. In state 2, 

25 data corresponding to the command is sent 

[0097] It is noted that the serial interface disposed be- 
tween recorder/player 1 and memory card 40 is not lim- 
ited to interface 11 as described above. In other words, 
various types of serial interfaces may be used. 

30 [0098] FIG. 16 is a table depicting examples of proto- 
col commands (TPC codes) sent through the data line 
DIO of the serial interface. The data length of each pro- 
tocol command is one byte. In FIG. 16, each protocol 
command is represented in hexadecimal notation (with 

35 suffix h) and decimal notation (0 and 1 ). In addition, def- 
initions of individual protocol commands are represent- 
ed for both the non-security type memory card 40' (see 
FIG. 3) and the security type memory card 40 (see FIG. 
2). In FIG. 16, R and W represent a read type protocol 

40 command and a write type protocol command, respec- 
tively. As described above, since a command is sent in 
state 1 and data is sent in state 2, the data length (in 
bytes) corresponding to each protocol command is 
shown. 

45 [0099] At this point, each of the protocol commands 
TPC will be described 

[0100] TPC = 2Dh is an access command to a con- 
ventional flash memory (this command is simply re- 
ferred to as memory control command). This command 

so js a page data read command and is common to the 
memory cards 40 and 40'. The length of data preceded 
by the command is the data length for one page (512 
bytes + 2 bytes (CRC)). The page data is read from the 
page buffer 45. 

55 [0101] TPC = D2h is a memory control command. 
This command is a page data write command. The 
length of data preceded by the command is the data for 
one page (512 bytes + 2 bytes (CRC)). The page data 
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is written to the page buffer 45. 

[0102] TPC = 4Bh is a memory control command. This 
command is a read command against the read register 
48. The data length of data preceded by the command 
is (31 bytes + 2 bytes (CRC)). 

[01 03] TPC = B4h is a memory control command. This 
command is a write command against the write register 
46. The data length of data preceded by the command 
is (31 bytes + 2 bytes (CRC)). 

[01 04] TPC - 78h is a memory control command. This 
command is a command for reading one byte from the 
read register 48. The data length of data preceded by 
the command is (1 byte + 2 bytes (CRC)). 
[0105] TPC = 87h is a memory control command. This 
command is a command for varying the access range 
of the command register 44. The data length of data pre- 
ceded by the command is (4 bytes + 2 bytes (CRC)). 
[01 06] TPC = 1 Eh is a data read command for the sta- 
tus register of the security block 52 of the memory card 
40. However, this command is not defined for the mem- 
ory card 40'. The data length of data preceded by the 
command is (2 bytes + 2 bytes (CRC)). A command ded- 
icated for the security block 52 is referred to as security 
command. 

[0107] TPC = E1h is a memory control command. This 
command is a command set command against the com- 
mand register 44. This command is followed by a com- 
mand in a lower hierarchical level than TPC commands. 
Thus, the data length of this command is (1 byte + 2 
bytes (CRC)). 

[0108] TPC = 3Ch is a security data read command 
against the security block 52 of the memory card 40. 
However, this command is not defined for the memory 
card 40*. The data length of data preceded by the com- 
mand is (24 bytes + 2 bytes (CRC)). 
[0109] TPC = C3h is a security data write command 
against the security block 52 of the memory card 40. 
However, this command is not defined for the memory 
card 40'. The data length of data preceded by the com- 
mand is (26 bytes + 2 bytes (CRC)). 
[01 1 0] With reference now to FIGS. 1 7 and 1 8, a com- 
mand (1 byte) followed by the TPC = E1 h command will 
be described. FIG. 17 shows commands for the non- 
security type memory card 40'. These are as follows: 
E1h = AAh: block read command 
E1h = 55h: block write command 
E1h = 33h: block read/write cancel command 
E1h = 99h: block erase command 
E1h = CCh: memory operation stop command 
E1h = 5Ah: power save mode command 
E1h = C3h: page buffer clear command 
E1h = 3Ch: memory controller reset command 
[0111] FIG. 16 shows commands for the security type 
memory card 40. Since the definitions of the commands 
(AAh to 3Ch) shown in FIG. 18 are the same as those 
shown in FIG. 1 7, they are omitted. In other words, these 
commands are memory control commands defined in 
common with the memory cards 40 and 40'. In FIG. 18, 



commands (60h to 83h) are security commands for an 
encrypting process (including a decrypting process and 
an authenticating process) dedicated for the memory 
card 40. 

5 [0112] As shown in FIGS. 17 and 18, the memory con- 
trol commands TPC in common with the memory cards 
40 and 40* and security commands TPC dedicated for 
the memory card 40 are defined. Likewise, this relation 
applies to commands in lower hierarchical levels. In oth- 

10 er words, in the lower hierarchical levels, common mem- 
ory control commands and security commands are de- 
fined. The security commands arc not defined (not used) 
for the memory card 40'. According to the illustrative em- 
bodiment, when the S/P and P/S IF block 43 receives a 

*5 command from the recorder 1 through the serial inter- 
face, the memory card 40 determines whether or not the 
received command TPC is a common memory control 
command or a security command The memory card 40 
sends subsequent data to an appropriate circuit corre- 

20 sponding to the determined result. When, the received 
command is for example the TPC = Elh command of 
which a command is followed by another command, the 
memory card 40 sends the command to a proper circuit 
corresponding to the definitions for the commands 

25 shown in FIG. 18. 

[0113] FIG. 19 depicts an arrangement for selecting 
a circuit to which data is intended for, in correspondence 
with a received command. The arrangement is embod- 
ied within interface circuit 43 of memory card 40. Data 

30 is sent from recorder 1 to memory card 40 through data 
line DIO. The received data is supplied to a terminal "a" 
of a switch circuit 152 through a delay circuit 150. In ad- 
dition, the receive data, is supplied to an input terminal 
of a detecting circuit 151. Detecting circuit 151 deter- 

35 mines whether or not a protocol command (TPC) re- 
ceived through the data line DIO is a memory control 
command or a security command, according tothe code 
value of the protocol command. Switch circuit 152 is 
controlled in accordance with the determined result. De- 

40 lay circuit 150 compensates the detecting time of de- 
tecting circuit 151. These structural elements are ac- 
complishedby hardware and/or software in the S/P and 
P/S IF block 43. According to the embodiment, since 
codes that arc not used for memory control commands 

45 are assigned to security commands, detecting circuit 
151 can easily determine these two types of commands. 
[0114] When the detecting crrcuit 1 51 has determined 
that the received protocol command is a memory control 
command, the terminal "a" of the switch circuit 151 is 

50 connected to a terminal "b". Thus, the memory control 
command is supplied to a page buffer (e.g., page buffer 
45 shown in FIG. 2, but omitted in FIG. 19 for clarity), a 
register (e.g., register 46 or 48 shown in FIG. 2), and so 
forth through the terminals "a" and "b" of the switch cir- 

55 cuit 151 so as to control the flash memory 42. Data fol- 
lowing the memory control command is supplied to the 
page buffer, the register, and so forth. Alternatively, data 
is sent from the page butler, the register, and so forth to 
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the recorder 1 through the terminals M b" and N a M of the 
switch circuit 151 . 

[0115] When the detecting circuit 151 has determined 
that the received protocol command is a security com- 
mand; the terminal "a" of the switch circuit 151 is con- 
nected to a terminal "c" thereof The security command 
is supplied tothe security block 52 through the terminals 
"a" and "c" of the switch circuit 151. Data following the 
security command is supplied to the security block 52. 
The data is sent from security block 52 to recorder 1 
through the terminals "a" and "c" of switch circuit 151. 
[0116] When the received command is the protocol 
command (TPC = E1 h), it is followed by a normal mem- 
ory control command or a security command. When the 
detecting circuit 151 receives the TPC = E1h protocol 
command, the detecting circuit 151 determines whether 
the command is followed by a control command or a se- 
curity command Memory card 40 then controls the 
switch circuit 151 according to the determined result. 
When the received command is other than the com- 
mand TPC = E1 h and it is followed by a memory control 
command or a security command, the memory card 40 
can send data to a proper circuit corresponding to the 
code value of the command. 

[0117] Since memory card 40 has a function for de- 
termining whether the received command is a memory 
control command or a security command, memory card 
40 can be used for a non-security type recorder In other 
words, a non-security type recorder does not exchange 
security information with memory card 40. The non-se- 
curity type recorder sends only write/read memory con- 
trol commands and data corresponding thereto to mem- 
ory card 40. As described above, memory card 40 de- 
termines whether or not a command received from a re- 
corder is a memory control command and writes or 
reads data corresponding thereto to/from the flash 
memory 42. Thus, data can be written or read to/from 
the memory card 40. 

[0118] With reference now to FIG. 20, the illustrative 
embodiment of the present invention will be further de- 
scribed. FIG. 20 shows the structure of the security 
block 52 of the memory card 40 in detail. The security 
block 52 is structured as a single chip IC along with the 
non-volatile memory 42, the S/P and P/S IF block 43, 
the page buffer 45, and so forth As described above, 
the S/P and P/S l/F block 43 and the security block 52 
arc connected. The structure of the securityblock 3 of 
recorder 1 is the same as the structure of the security 
block 52 shown in FIG. 20. 

[0119] In FIG. 20, reference numeral 110 is a DES en- 
crypting circuit having a key storing memory (a non-vol- 
atile memory). In association with the encrypting circuit 
1 1 0, a register group 1 1 1 is provided. The encrypting cir- 
cuit 1 1 0 performs an encrypting process in, for example, 
CBC mode and controls switch circuits 11 2 and 11 3 so 
as to form a feedback loop. The contents of a write reg- 
ister 114 are supplied to the register group 111 through 
the switch circuit 1 1 2. The contents of the register group 



111 are stored in a read register 115. 
[0120] The read register 115 is connected to the reg- 
ister group 111 used in the encrypting circuit 110. The 
intermediate calculation result of the encrypting process 

5 is stored to the read register 115: Data written to the 
write register 1 1 4 is supplied from an S/P (Serial to Par- 
allel) and P/S (Parallel to Serial) block 116. Data read 
from the read register 1 1 5 is supplied to the l/F block 43 
through the S/P and P/S block 116. Write data is sup- 

io plied from the recorder 1 through the above-described 
serial interface. Read data is supplied to the recorder 1 
through the serial interface. 

[0121] Security block 52 also includes a command 
register (CMD) 117 and a status register (STTS)118. A 

15 security command (60h to 83h) shown in FIG. 1 8 is sent 
from the recorder 1 to the memory card 40. The security 
command isstoredtothecommand register 117 through 
the l/F block 43 and the S/P and P/S block 116 The 
command register 117 generates a command to be ex- 

20 ecuted next. Commands stored in the command register 

1 1 7 are those that allow non-secret contents to be read 
from the read register 115 to the exterior. These com- 
mands arc for example commands 63h, 67h, and 6Dh 
shown in FIG. 18. With these commands, encrypted da- 

25 ta created by the encrypting circuit 1 1 0 are sent from the 
register group 111 to the read register 115. With a com- 
mand that allows non-secret data to be read, the read 
register 1 1 5 is read-enabled. I n FIG . 20, the on/off states 
of the switch circuit 122 represent the read enable/dis- 

30 ablestates, respectively. 

[0122] Status information stored in the status register 

118 is sent to the recorder 1 through the S/P and P/S 
block 116 and the l/F block 43. The security block 52 
also has a command register 119 which stores a com- 

35 mand that is generated therein. In addition, the security 
block 52 has an increment block 120 that increments for 
example a command code. Thus, the security block 52 
successively generates command codes. When the 
power of the memory card 40 is turned on (in the initial 

40 state), the command code of the internally generated 
command is 60h. Whenever the security block 52 exe- 
cutes one command, the increment block 120 incre- 
ments the command code by "+1 " (as 61 h, 62h, 63h, 
71 h). When the memory card 40 is attached to the re- 

45 corder 1 , the command code is incremented from 60h 
to 71 h so as to authenticate the memory card 40. The 
command codes 72h to 83h are used after the memory 
card 40 has been authenticated. The command codes 
72h to 83h can be freely and repeatedly used , unlike 

so the case with commands used in the authenticating 
process. 

[0123] A comparing circuit 121 compares the values 
stored in the two command registers 117 and 119. The 
compared result of the comparing circuit 121 is stored 
55 in the status register 118. When the comparing circuit 
121 has determined that a command received from the 
recorder 1 (namely, the contents of the command reg- 
ister 117) matches an internally generated command 
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(namely, the contents of the command register 119), a 
non-error status is set to the status register 118. Data 
that represents the status is sent to the recorder 1 . Thus, 
the operation of the recorder 1 continues. When the 
compared result of the comparing circuit 121 represents 
that these commands do not match, an error status is 
set to the status register 118. Data that represents the 
slate is sent to the recorder 1 . Thus, the recorder 1 stops 
the operation. In addition, a message that represents 
the status is displayed. In this case, when a reset oper- 
ation is performed, the comparing circuit 121 is initial- 
ized. 

[0124] According to the embodiment, authentication 
commands can he executed only in a predetermined se- 
quence. Thus, even if the command 63h, 67h, 6Dh, or 
the like that causes the read register 1 1 5 to be enabled 
is supplied for illegally reading the intermediate calcula- 
tion result of the encrypting process, since the com- 
pared result of the comparing circuit 121 represents a 
mismatch, the operation of the recorder 1 is stopped. 
Thus, the intermedaite calculation result of the encrypt- 
ing process can be prevented from being illegally read. 
[0125] Although the above-described security func- 
tions according to the present invention were described 
in connection with the security unit 52 of memory unit 
40, it should be noted that the present invention can also 
be applied to the security block 3 of the recorder 1. In 
other words, certain features of security block 52, and 
in particular, the capability of preventing an intermediate 
calculation result to be read therefrom, can be incorpo- 
rated into the security block 3 of the recorder. In addition, 
while DES was described as a preferred encrypting 
method, it is contemplated that various other encrypting 
methods can alternatively be used. 
[0126] From the foregoing, it should be appreciated 
that embodiments of the present invention exhibit cer- 
tain advantages over the prior art. For instance, in the 
security unit that performs an encrypting process, since 
one register performs the function of storing the inter- 
mediate calculation result of the encrypting process and 
the additional function of storing the encrypted data it 
is not necessary to use two registers. In addition, since 
it is not necessary to use a plurality of encrypting circuits, 
the circuit scale of the security unit can be reduced. 
Moreover, the register is read-enabled only when non- 
secret data is stored to the register using a command 
code, thus enabling that data to be externally accessed. 
In other words, a secret intermediate calculation result 
can be prevented from being externally accessed. Thus, 
the security of secret data is improved. Even if a com- 
mand is received which allows the contents stored in the 
register to be read, the intermediate calculation result is 
prohibited from being accessed. 

[0127] It is also to be understood that the following 
claims are intended to cover all of the generic and spe- 
cific features of the invention herein described and all 
statements of the scope of the invention which, as a mat- 
ter of language, might be said to fall therebetween. 



Claims 

1. A security unit comprising: 

5 encrypting means for encrypting data in ac- 

cordance with a predetermined sequence of 
externally generated commands received by 
said security unit; 

storing means for storing a final result of the en- 
io crypt ion; and 

switching means operatively coupled to said 

storing means for selectively outputting the 

contents of said storing means; 

wherein said switching means is controlled to 
15 prevent external access to intermediate results 

of said encryption process stored in said storing 

means 

2. The security unit of claim 1 , further comprising sec- 
20 ond storing means for storing an externally gener- 
ated command received by the security unit; 

wherein said switching means is controlled to 
prevent access to results of said encryption in ac- 
cordance with the command stored in said second 
25 storing means. 

3. The security unit of claim 1 , further comprising de- 
tection means for detecting whether or not said 
commands are received in said predetermined se- 

30 quence 

4. The security unit of claim 1 , further comprising: 

command generating means for generating 
35 commands in said predetermined sequence; 

and 

comparing means for comparing the externally 
generated commands with the commands gen- 
erated by said command generating means; 



40 wherein if said commands so compared are not 

coincident, said security unit outputs an error 
signal. 

5. A memory unit comprising a non-volatile memory 
45 and a security unit for encrypting data in accord- 



ance with commands received in a predetermined 
sequence from the exterior of the security unit, said 
encrypted data being stored in said non-volatile 
memory, wherein said security unit comprises: 

so 

storing means for storing a final result of the en- 
cryption; and 

switching means operatively coupled to said 
storing means for selectively outputting the 
55 contents of said storing means; 

wherein said switching means is controlled to 
prevent external access to intermediate results 
of said encryption process stored in said storing 
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means. 

6. The memory unit of claim 5, wherein said security 
unit further comprises second storing means tor 
storing an externally generated command received 
by the security unit; 

wherein said switching means is controlled to 
prevent access to results of said encryption in ac- 
cordance with the command stored in said second 
storing means. 

7. The memory unit of claim 5, wherein said security 
unit further comprises detection means for detect- 
ing whether or not said commands are received in 
said predetermined sequence. 

8. The memory unit of claim 5, wherein said security 
unit further comprises: 

command generating means for generating 
commands in said predetermined sequence; 
and 

comparing means for comparing the com- 
mands received by the security unit with the 
commands generated by said command gen- 
erating means; 

wherein if the commands so compared are not 
coincident, said security unit outputs an error 
signal. 

9. The memory unit of claim 5, further comprising an 
interface means connected to said non-volatile 
memory and said security unit, for receiving exter- 
nal data supplied to said memory unit and for selec- 
tively supplying said external data to said non-vol- 
atile memory or said security unit. 

10. The memory unit of claim 9, wherein said interface 
means receives an external command supplied to 
said memory unit and supplies data to said non-vol- 
atile memory or to said security unit in accordance 
with said external command. 

11. A method for encrypting data in accordance with 
commands received in a predetermined sequence, 
comprising: 

storing a final result of said encryption in a stor- 
ing means; and 

preventing access to intermediate results of 
said encryption which are also stored in said 
storing means. 

1 2. The method of claim 1 1 , further comprising prevent- 
ing the outputting of final results of said encryption 
in response to a received command. 

13. The method of claim 11 , further comprising detect- 



ing whether or not said commands arc received in 
said predetermined sequence. 

1 4. The method of claim 1 1 , further comprising: 

5 

generating commands in said predetermined 
sequence; 

comparing the commands received in a prede- 
termined sequence with said generated com- 
10 mands; and 

outputting an error signal if the commands so 
compared are not coincident. 

15. The method of claim 11 wherein said storage means 
15 is a single register. 

16. A security unit comprising: 

an encrypting unit for encrypting data in accord- 
20 ance with commands received by said security 

unit; 

a common register for storing both intermediate 
results and final results or the data encryption; 
and 

25 a switching element operatively coupled to said 

register for selectively outputting the contents 
of said register; 

wherein said switching element is controlled to 
prevent external access to said intermediate re- 
30 suits of the encryption. 

17. A memory unit comprising a non-volatile memory 
and a security unit for encrypting data in accord- 
ance with received commands, said encrypted data 

35 being stored in said non-volatile memory wherein 
said security unit comprises: 

a common register for storing both intermediate 
results and final results of the data encryption; 
40 and 

a switching element operatively coupled to said 
register for selectively outputting the contents 
of said register; 

wherein said switching element is controlled to 
45 prevent external access to said intermediate re- 

sults of the encryption. 

18. A data processing unit including a security unit, said 
security unit comprising: 

50 

an encrypting unit for encrypting data in accord- 
ance with commands received by said security 
unit; 

a common register for storing both intermediate 
55 results and final results of the data encryption; 

and 

a switching element operatively coupled to said 
register for selectively outputting the contents 
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of said register; 

wherein said switching element is controlled to 
prevent external access to said intermediate re- 
sults of the encryption. 
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